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Application No.: Not Yet Assigned 

IN THE CLAIMS: 

1 . (Original) A method for processing data packets sent through a network, comprising: 
receiving data packets from a host through the network wherein the received packets were, prior 

to receipt, encrypted and fragmented after encryption; 

reassembling the fragmented packets using a communication protocol offload engine in a network 
adaptor coupling a host central processing unit to the network; 

decrypting the reassembled packets of encryption using a security offload engine in the network 
adaptor; and 

forwarding the decrypted and reassembled packets to the communication protocol offload engine. 

2. (Original) The method of claim 1 further comprising: 

receiving from a remote host through the network additional packets which were encrypted in a 
first encryption, fragmented after the first encryption and encrypted in a second encryption after the 
fragmentation; 

decrypting the fragmented packets of the second encryption of using the security offload engine; 

reassembling the fragmented packets decrypted of the second encryption using a communication 
protocol offload engine; 

decrypting the reassembled packets of the first encryption using the security offload engine; and 

forwarding the decrypted and reassembled additional packets to the communication protocol 
offload engine. 

3. (Original) The method of claim 1, further comprising: 

receiving from a remote host through the network additional packets which were encrypted and 
fragmented after all encryption; 

reassembling the fragmented additional packets using the communication protocol offload 

engine; 

decrypting the reassembled additional packets of encryption using the security offload engine; 

and 
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forwarding the decrypted and reassembled additional packets to the communication protocol 
offload engine. 

4. (Original) The method of claim 1, further comprising: 

receiving from a remote host through the network additional packets which were fragmented and 
then encrypted; 

decrypting the fragmented additional packets of encryption using the security offload engine; and 
reassembling the fragmented and decrypted additional packets using the communication protocol 
offload engine. 

5. (Original) The method of claim 1, further comprising: 

receiving from a remote host through the network additional packets which were fragmented but 
not encrypted; 

reassembling the fragmented and unencrypted packets using the communication protocol offload 

engine. 

6. (Original) The method of claim 1, further comprising: 

receiving from a remote host through the network additional packets which were encrypted but 
not fragmented; 

decrypting the unfragmented packets of encryption using the security offload engine; and 
forwarding the decrypted additional packets to the communication protocol offload engine. 

7. (Original) The method of claim 2, wherein the first encryption is a transport mode 
encryption and the second encryption is a tunnel mode encryption. 

8. (Original) The method of claim 1, further comprising: 

feeding the received packets through a feedforward path from a network interface receiver in the 
network adaptor, through the security offload engine and to the communication protocol offload engine to 
be reassembled; and 

feeding the reassembled packets from the communication protocol offload engine through a 
feedback path from the communication protocol offload engine to the security offload engine to be 
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decrypted. 

9. (Original) The method of claim 8, wherein said forwarding comprises: 

feeding the decrypted and reassembled packets through the feedforward path from the security 
offload engine to the communication protocol offload engine; said method further comprising: 

extracting a data payload from the decrypted and reassembled packets using the communication 
protocol offload engine. 

10. (Original) The method of claim 8, further comprising: 

multiplexing a flow of data packets in the feedforward path from the network interface receiver to 
the security offload engine and a flow of data packets in the feedback path from the communication 
protocol offload engine to the security offload engine. 

1 1 . (Original) A network adaptor for use with a network, comprising: 

a security offload engine having an input and an output and adapted to decrypt encrypted packets; 

a communication protocol offload engine having an input and an output and adapted to 
reassemble fragmented packets; 

a network interface receiver having an output coupled to the security offload engine input and an 
input adapted to receive from the network packets which were, prior to receipt, encrypted and fragmented 
after encryption; 

a feedforward path coupling said receiver output to said security offload engine input and said 
security offload engine output to said communication protocol offload engine input; 

a feedback path coupling said communication protocol offload engine output to said security 
offload engine input; and 

logic adapted to feed the fragmented packets from the network interface receiver through the 
feedforward path to the communication protocol offload engine to be reassembled in the communication 
protocol offload engine, to feed the reassembled packets from the communication protocol offload engine 
through the feedback path to the security offload engine to be decrypted in the security offload engine, 
and to feed the decrypted and reassembled packets from the security offload engine, through the 
feedforward path to the communication protocol offload engine. 
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12. (Original) The adaptor of claim 1 1 : 

wherein said receiver is adapted to receive from the network additional packets which were 
encrypted in a first encryption, fragmented after the first encryption and encrypted in a second encryption 
after the fragmentation; and 

wherein the logic is adapted to to feed the fragmented packets of the second encryption from the 
network interface receiver through the feedforward path to the security offload engine to be decrypted of 
the second encryption in the security offload engine; to feed the fragmented packets decrypted of the 
second encryption from the security offload engine through the feedforward path to the communication 
protocol offload engine to be reassembled in the communication protocol offload engine, to feed the 
reassembled packets of the first encryption from the communication protocol offload engine through the 
feedback path to the security offload engine to be decrypted of the first encryption in the security offload 
engine, and to feed the decrypted and reassembled additional packets packets from the security offload 
engine, through the feedforward path to the communication protocol offload engine. 

1 3 . (Original) The adaptor of claim 1 1 : 

wherein said receiver is adapted to receive from the network additional packets which were 
encrypted and fragmented after all encryption; and 

wherein the logic is adapted to to feed the fragmented additional packets from the network 
interface receiver through the feedforward path to the communication protocol offload engine to be 
reassembled in the communication protocol offload engine, to feed the reassembled additional packets 
from the communication protocol offload engine through the feedback path to the security offload engine 
to be decrypted in the security offload engine, and to feed the decrypted and reassembled additional 
packets packets from the security offload engine, through the feedforward path to the communication 
protocol offload engine. 

14. (Original) The adaptor of claim 1 1 : 

wherein said receiver is adapted to receive from the network additional packets which were 
fragmented and then encrypted; and 

wherein the logic is adapted to to feed the fragmented additional packets from the network 
interface receiver through the feedforward path to the security offload engine to be decrypted in the 
security offload engine, and to feed the decrypted additional packets packets from the security offload 
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engine, through the feedforward path to the communication protocol offload engine. 

15. (Original) The adaptor of claim 1 1 : 

wherein said receiver is adapted to receive from the network additional packets which were 
fragmented but not encrypted; and 

wherein the logic is adapted to to feed the fragmented additional packets from the network 
interface receiver through the feedforward path to the communication protocol offload engine to be 
reassembled in the communication protocol offload engine. 

16. (Original) The adaptor of claim 1 1 : 

wherein said receiver is adapted to receive from the network additional packets which were 
encrypted but not fragmented; and 

wherein the logic is adapted to to feed the encrypted additional packets from the network 
interface receiver through the feedforward path to the security offload engine to be decrypted of the 
encryption in the security offload engine, and to feed the decrypted and additional packets packets from 
the security offload engine, through the feedforward path to the communication protocol offload engine. 

1 7. (Original) The adaptor of claim 12 whereitfthe first encryption is a transport mode 
encryption and the second encryption is a tunnel mode encryption. 

18. (Original) The adaptor of claim 1 1 the communication protocol offload engine is adapted 
to extracting a data payload from the decrypted and reassembled packets. 

19. (Original) The adaptor of claim 1 1 wherein the feedback path and the feedforward path 
includes a multiplexor adapted to multiplex a flow of data packets in the feedforward path from the 
network interface receiver output to the security offload engine input and a flow of data packets in the 
feedback path from the communication protocol offload engine output to the security offload engine 
input. 

20. (Original) The adaptor of claim 1 1 wherein the feedback path includes a buffer wherein said 

logic is adapted to store reassembled packets from the communication protocol offload engine to await 
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multiplexing by said multiplexor to the security offload engine input. 

2 1 . (Original) A system for use with a network, comprising: 
a system memory; 

a processor coupled to the system memory; 

data storage coupled to the processor and the system memory; 

a data storage controller adapted to manage Input/Output (I/O) access to the data storage; and 
a network adaptor which includes: 

a security offload engine coupled to the memory and having an input and an output and adapted 
to decrypt encrypted packets; 

a communication protocol offload engine having an input and an output and adapted to 
reassemble fragmented packets; 

a network interface receiver having an output coupled to the security offload engine input and an 
input adapted to receive from the network packets which were, prior to receipt, encrypted and fragmented 
after encryption; 

a feedforward path coupling said receiver output to said security offload engine input and said 
security offload engine output to said communication protocol offload engine input; 

a feedback path coupling said communication protocol offload engine output to said security 
offload engine input; and 

logic adapted to feed the fragmented packets from the network interface receiver through the 
feedforward path to the communication protocol offload engine to be reassembled in the communication 
protocol offload engine, to feed the reassembled packets from the communication protocol offload engine 
through the feedback path to the security offload engine to be decrypted in the security offload engine, 
and to feed the decrypted and reassembled packets from the security offload engine, through the 
feedforward path to the communication protocol offload engine. 

22. (Original) An article of manufacture for use with a network wherein the article of 
manufacture causes operations to be performed, the operations comprising: 

receiving data packets from a remote host through the network wherein the received packets 
were, prior to receipt, encrypted and fragmented after encryption; 

reassembling the fragmented packets using a communication protocol offload engine in a network 
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adaptor coupling a host central processing unit to the network; 

decrypting the reassembled packets of encryption using a security offload engine in the network 
adaptor; and 

forwarding the decrypted and reassembled packets to the communication protocol offload engine. 

23. (Original) The article of manufacture of claim 22, wherein the operations further comprise: 
receiving from a remote host through the network additional packets which were encrypted in a 

first encryption, fragmented after the first encryption and encrypted in a second encryption after the 
fragmentation; 

decrypting the fragmented packets of the second encryption of using the security offload engine; 
reassembling the fragmented packets decrypted of the second encryption using a communication 
protocol offload engine; 

decrypting the reassembled packets of the first encryption using the security offload engine; and 
forwarding the decrypted and reassembled additional packets to the communication protocol 
offload engine. 

24. (Original) The article of manufacture of claim 22, wherein the operations further comprise: 
receiving from a remote host through the network additional packets which were encrypted and 

fragmented after all encryption; 

reassembling the fragmented additional packets using the communication protocol offload 

engine; 

decrypting the reassembled additional packets of encryption using the security offload engine; 

and 

forwarding the decrypted and reassembled additional packets to the communication protocol 
offload engine. 

25. (Original) The article of manufacture of claim 22, wherein the operations further comprise: 
receiving from a remote host through the network additional packets which were fragmented and 

then encrypted; 

decrypting the fragmented additional packets of encryption using the security offload engine; and 
reassembling the fragmented and decrypted additional packets using the communication protocol 
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offload engine. 

26. (Original) The article of manufacture of claim 22, wherein the operations further comprise: 
receiving from a remote host through the network additional packets which were fragmented but 

not encrypted; 

reassembling the fragmented and unencrypted packets using the communication protocol offload 

engine. 

27. (Original) The article of manufacture of claim 22, wherein the operations further comprise: 
receiving from a remote host through the network additional packets which were encrypted but 

not fragmented; 

decrypting the unfragmented packets of encryption using the security offload engine; and 
forwarding the decrypted additional packets to the communication protocol offload engine. 

28. (Original) The article of manufacture of claim 23, wherein the first encryption is a transport 
mode encryption and the second encryption is a tunnel mode encryption. 

29. (Original) The article of manufacture of claim 22, wherein the operations further comprise: 
feeding the received packets through a feedforward path from a network interface receiver in the 

network adaptor, through the security offload engine and to the communication protocol offload engine to 
be reassembled; and 

feeding the reassembled packets from the communication protocol offload engine through a 
feedback path from the communication protocol offload engine to the security offload engine to be 
decrypted. 

30. (Original) The article of manufacture of claim 29, wherein said forwarding operation 
comprises: 

feeding the decrypted and reassembled packets through the feedforward path from the security 
offload engine to the communication protocol offload engine; and 

wherein the operations further comprise extracting a data payload from the decrypted and 
reassembled packets using the communication protocol offload engine. 
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3 1 . (Original) The article of manufacture of claim 22, wherein the operations further comprise: 
multiplexing a flow of data packets in the feedforward path from the network interface receiver to 

the security offload engine and a flow of data packets in the feedback path from the communication 
protocol offload engine to the security offload engine. . 

32. (Original) The system of claim 21, wherein the logic is farther adapted to: 

multiplex a flow of data packets in the feedforward path from the network interface receiver to 
the security offload engine and a flow of data packets in the feedback path from the communication 
protocol offload engine to the security offload engine. 

33 . (Original) An adaptor, comprising: 

a network interface controller adapted to receive fragments of network packets, at least some of 
the fragments originating from network packets encrypted prior to fragmentation; 

a communication protocol offload engine to reassemble the network packets from the received 
fragments; 

a security offload engine to decrypt at least a portion of the reassembled network packets to 
provide decrypted packets; and 

logic adapted to selectively return ast least some of the decrypted packets to the communication 
protocol offload engine. 

34. (Original) The adaptor of claim 33 wherein the communication protocol of the 
communication protocol offload engine is the Transmission Control Protocol (TCP) and Internet Protocol 
(IP). 
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